Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.

7. Use the same username and password for everything

Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.

Don't worry about it again. After all, if you don't make any more changes, what can go wrong?

5. Do all upgrades on the live site right away

Who needs a development and testing server anyway? If an installation fails, you'll just uninstall it again. That will hopefully also undo any damage the installation caused.

4. Trust third-party extensions

Install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.

Hey, nothing has gone wrong so far, and if it ain't broke don't fix it! Same plan for the third-party extensions. Too much work; life's a beach.

2. When your site gets cracked, panic your way into the Joomla! Forums

Start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third party extensions you installed.

1. Once your site's been cracked, fix the defaced index.php file and assume all else is well

Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming action. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.

About this list

This list originally appeared late one night on the Joomla Forums after one developer ended a particularly long round of crack recovery. It turns out to have hit many a nerve among Joomlaists far and wide and has since been translated into several languages. Some nerves were near the funny bone, others painfully far from it. Your experience may vary.